diff --git a/Advisories.toml b/Advisories.toml
index dad625b..38f34a3 100644
--- a/Advisories.toml
+++ b/Advisories.toml
@@ -32,3 +32,20 @@ is if an application constructs headers based on unsanitized user input.
 This issue was fixed by replacing all newline characters with a space during
 serialization of a header value.
 """
+
+[[advisory]]
+id = "RUSTSEC-2017-0003"
+package = "security-framework"
+patched_versions = [">= 0.1.12"]
+dwf = []
+date = "2017-03-15"
+url = "https://github.com/sfackler/rust-security-framework/pull/27"
+title = "Hostname verification skipped when custom root certs used"
+description = """
+If custom root certificates were registered with a `ClientBuilder`, the
+hostname of the target server would not be validated against its presented leaf
+certificate.
+
+This issue was fixed by properly configuring the trust evaluation logic to
+perform that check.
+"""
diff --git a/crates/security-framework/RUSTSEC-0000-0000.toml b/crates/security-framework/RUSTSEC-2017-0003.toml
similarity index 96%
rename from crates/security-framework/RUSTSEC-0000-0000.toml
rename to crates/security-framework/RUSTSEC-2017-0003.toml
index e146a6a..d4e8e63 100644
--- a/crates/security-framework/RUSTSEC-0000-0000.toml
+++ b/crates/security-framework/RUSTSEC-2017-0003.toml
@@ -2,6 +2,7 @@ package = "security-framework"
 patched_versions = [">= 0.1.12"]
 dwf = []
+date = "2017-03-15"
 url = "https://github.com/sfackler/rust-security-framework/pull/27"
 title = "Hostname verification skipped when custom root certs used"
 description = """
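Review bot: The `[[advisory]]` entry appended to Advisories.toml repeats, field for field, the contents of crates/security-framework/RUSTSEC-2017-0003.toml (the file renamed in the second hunk), so the advisory now lives in two places that nothing keeps in sync — a later correction to `patched_versions` or `description` in one copy would silently diverge from the other. If the per-crate file is the canonical source, a comment above this entry such as `# Mirror of crates/security-framework/RUSTSEC-2017-0003.toml; keep both in sync` would make that explicit, and generating Advisories.toml from the per-crate files would remove the drift risk entirely. The entry also sets only `patched_versions = [">= 0.1.12"]`, so every release below 0.1.12 is reported as affected; if custom root certificates were not accepted by `ClientBuilder` in the earliest releases, an `unaffected_versions` bound (where this advisory format supports it) would narrow the range, which is worth confirming against the crate's history.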